AWS-Least-Privilege: An Open Source tool for Achieving Least Privilege IAM Permissions
Open Source in Israel (10 min.)
[Security]
AWS-Least-Privilege is an open source tool that aims to streamline collecting resource usage information from AWS X-Ray in order to reach a "Least Privilege" security posture for a serverless application. AWS X-Ray provides in-depth information about service API calls. Using this information, the tool builds a profile of the AWS resources and actions that an application uses and generates a policy document reflecting it. Additionally, the tool can compare the generated policy with the currently active policy for continuous monitoring and alerting purposes.
Project page: https://github.com/functionalone/aws-least-privilege
Intro blog post: https://bit.ly/2IVCZxw
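
The profile-then-compare idea from the abstract, as an added Python illustration; it is not code from the AWS-Least-Privilege project and it does not read X-Ray. The call records, account ID, ARNs and active policy are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: (service prefix, API operation, resource ARN) per observed call.
OBSERVED_CALLS = [
    ("dynamodb", "GetItem", "arn:aws:dynamodb:us-east-1:111122223333:table/orders"),
    ("dynamodb", "PutItem", "arn:aws:dynamodb:us-east-1:111122223333:table/orders"),
    ("dynamodb", "GetItem", "arn:aws:dynamodb:us-east-1:111122223333:table/orders"),
    ("s3", "GetObject", "arn:aws:s3:::example-uploads/*"),
]
# Constructed policy assumed to be attached to the application's role today.
ACTIVE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-uploads/*"},
]}

def build_policy(calls):
    """Group observed actions by resource: one Allow statement per resource."""
    by_resource = defaultdict(set)
    for service, operation, arn in calls:
        by_resource[arn].add(f"{service}:{operation}")
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": sorted(actions), "Resource": arn}
        for arn, actions in sorted(by_resource.items())]}

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def _wild(pattern, value, flags=0):
    """IAM-style wildcard match: * is any run of characters, ? is exactly one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags) is not None

def covers(stmt, action, resource):
    """True if an Allow statement grants the action (Deny/NotAction/Condition not modelled)."""
    return (stmt.get("Effect") == "Allow"
            and any(_wild(a, action, re.IGNORECASE) for a in _as_list(stmt["Action"]))
            and any(_wild(r, resource) for r in _as_list(stmt["Resource"])))

def compare(active, generated):
    """Return (observed permissions not allowed, Allow statements wider than observed)."""
    needed = [(a, s["Resource"]) for s in generated["Statement"] for a in s["Action"]]
    missing = [p for p in needed if not any(covers(s, *p) for s in active["Statement"])]
    broad = []
    for s in active["Statement"]:
        granted = {(a.lower(), r) for a in _as_list(s["Action"]) for r in _as_list(s["Resource"])}
        used = {(a.lower(), r) for a, r in needed if covers(s, a, r)}
        if s.get("Effect") == "Allow" and granted != used:
            broad.append(s)
    return missing, broad
```

With the sample data, `compare` flags the `dynamodb:*` on `*` statement as wider than the two table actions actually observed, which is the kind of drift the monitoring comparison is meant to surface.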